64% of Ransomware Attackers Launder Proceeds via Crypto Exchanges

A ransomware attack involves the infection of a target with malware and the demand of a ransom payment — frequently denominated in cryptocurrencies. The payment is demanded in return for the ostensible delivery of a decryptor tool that can help victims recover access to their data.

United States-based blockchain intelligence firm Chainalysis claims that 64% of ransomware attack cash-out strategies involve the laundering of funds via cryptocurrency exchanges. The data was revealed in a Chainalysis webinar attended by Cointelegraph on May 30.

The analysis also noted that ransomware attacks typically involve less complex cash-out networks as compared with crypto exchange hacks. Chainalysis argued that this is because a hack often involves a large amount of money leaving a known exchange, often attracting high media publicity, and requiring that hackers conceal the flow of funds more robustly.

In addition to cash-out strategies, Chainalysis also identified a shift in the ransomware threat landscape. Previous trends, according to the firm, had been to conduct wide and shallow attacks — infecting a large amount of indeterminate victims and seeking small amounts as a ransom to decrypt files. Recent trends, however, indicate that criminals are shifting to targets with legally or politically sensitive data, as well as raising the amount of ransom payment demanded.

As recently reported, Coveware’s Q1 2019 Global Ransomware Marketplace report revealed that bitcoin (BTC) continues to account for the lion’s share — 98% — of crypto-denominated ransomware payments. The report, echoing Chainalysis’ claims, found that the average sum demanded had risen 89% from a median $6,733 in Q4 2018 to $12,762 in Q1 2019.